diff --git a/contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructure.py b/contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructure.py
index ea755d8c..eae488f2 100644
--- a/contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructure.py
+++ b/contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructure.py
@@ -1402,6 +1402,10 @@ def hec_raw_replay(
 url_with_hec_path = urllib.parse.urljoin(
 url_with_port, "services/collector/raw"
 )
+
+ if attack_data_file.endpoint:
+ url_with_hec_path = urllib.parse.urljoin(url_with_port, attack_data_file.endpoint)
+
 with open(tempfile, "rb") as datafile:
 try:
 res = requests.post(
diff --git a/contentctl/objects/test_attack_data.py b/contentctl/objects/test_attack_data.py
index 5d5f9c80..7f3437c8 100644
--- a/contentctl/objects/test_attack_data.py
+++ b/contentctl/objects/test_attack_data.py
@@ -11,3 +11,4 @@ class TestAttackData(BaseModel):
 sourcetype: str = Field(...)
 custom_index: str | None = None
 host: str | None = None
+ endpoint: str | None = None
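Review bot: In `hec_raw_replay`, `attack_data_file.endpoint` goes into `urllib.parse.urljoin` unchecked, and `urljoin` lets its second argument replace the base host when that argument is an absolute URL or begins with `//`. Because the value is read from the test's attack-data definition, a detection file could redirect the following `requests.post` to a host other than the configured instance, taking the replayed data and presumably the HEC authorization header (set outside this hunk) with it. Reject any endpoint that parses with a scheme or netloc before joining, and consider the same check as a validator on `TestAttackData.endpoint` in `test_attack_data.py` so bad content fails at load time. The default join above the added lines is also computed and then overwritten, so choosing the path first and joining once reads more clearly; use whichever exception type this function already raises. The function body starts and ends outside the hunk.

```python
# Fall back to the raw collector path when the test does not name one.
hec_path = attack_data_file.endpoint or "services/collector/raw"
parts = urllib.parse.urlsplit(hec_path)
if parts.scheme or parts.netloc:
    # urljoin would otherwise take the host from the endpoint value.
    raise ValueError(
        f"attack data endpoint must be a path on the HEC host, got {hec_path!r}"
    )
url_with_hec_path = urllib.parse.urljoin(url_with_port, hec_path)
# … unchanged: open(tempfile) and the requests.post call …
```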
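Review bot: The new `endpoint` field on `TestAttackData` has no comment saying what value is expected, and the bare name reads as if a full URL were acceptable. The other hunk of this commit joins it onto the HEC base URL, so a comment such as `# HEC path relative to the instance URL, e.g. "services/collector/raw"; not a full URL` would tell content authors what to write. The class body starts outside the hunk.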